[ARTEMIS-4060] Upgrade Commons Text to 1.10.0 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Dependency upgrade
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.26.0
Fix Version/s: 2.27.0
Component/s: None
Labels:
None

Description

Apache Commons Text versions prior to 1.10.0 are vulnerable to CVE-2022-42889, which involves potential script execution when processing untrusted input using StringLookup. Direct and transitive references to Apache Commons Text prior to 1.10.0 should be upgraded to avoid the default interpolation behavior.

Attachments

Issue Links

is duplicated by

ARTEMIS-4069 CVE-2022-42889: commons-text-1.9

Resolved

relates to

TINKERPOP-2815 Critical security vulnerability for apache commons-text

Closed

HADOOP-18497 Upgrade commons-text version to fix CVE-2022-42889

Resolved

NIFI-10648 Upgrade Commons Text to 1.10.0

Resolved

SPARK-40801 Upgrade Apache Commons Text to 1.10

Resolved

links to

GitHub Pull Request #4263

(1 links to)

Activity

People

Assignee:: Robbie Gemmell

Reporter:: Steffen Flemming

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 19/Oct/22 15:02

Updated:: 09/Nov/22 01:29

Resolved:: 19/Oct/22 18:37

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

20m